
Application Security Consultant – Senior
Posted May 19

This is a fully remote position, open to applicants in Brazil.
• Serve as a senior security consultant for development, cloud, and platform teams.
• Ensure that security measures are integrated from the solution design stage (security by design).
• Lead security architecture evaluations for intricate, distributed, and cloud-native applications.
• Conduct secure design assessments, threat modeling, and risk-informed decision making.
• Take charge of Application Readiness Reviews (ARR) for essential applications.
• Establish and share application security standards, best practices, and frameworks.
• Advise teams on secure coding, vulnerability remediation, and architectural choices.
• Carry out advanced vulnerability assessments (SAST, DAST, SCA, containers, and cloud).
• Collaborate with risk and security teams to formulate mitigation strategies.
• Encourage the adoption of DevSecOps practices, security in CI/CD pipelines, and automation.
• Assist in assessing and advancing security tools and platforms.
• Act as a technical mentor for junior professionals.
• Contribute to the development of the overall application security strategy.
• Proficient experience in Application Security.
• Background in Software Engineering or Security Architecture.
• Strong experience in software development (web, APIs, microservices, mobile, cloud-native).
• Deep understanding of architectural patterns (MVC, microservices, event-driven, serverless).
• Expertise in the OWASP Top 10, secure coding practices, and vulnerability mitigation techniques.
• Practical experience with tools: SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis).
• Knowledge of container and cloud security.
• Experience in analyzing and prioritizing vulnerabilities based on risk and business implications.
• Solid understanding of CI/CD pipelines, DevSecOps, and security automation.
• Familiarity with cloud platforms: Azure, AWS, or GCP.
• Knowledge of IAM (Identity and Access Management).
• Understanding of data protection and cryptography.
• Familiarity with identity-based security models.
• Acquaintance with security frameworks (e.g., ISO 27002).
• Ability to translate technical risks into business impact.
• Significant experience collaborating with various stakeholders (technical and executive).
• Experience with agile methodologies (Scrum, Kanban, XP) is desirable.
• Knowledge of Threat Modeling (e.g., STRIDE) is desirable.
• Experience with penetration testing and related tools (Burp Suite, Metasploit) is desirable.
• Familiarity with container security and Kubernetes is desirable.
• Experience in defining security strategies at the corporate level is desirable.
• Remote work.